Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/bEXar_PDdc_u4-EMnGh7tX0LHVg.roa
File:                     bEXar_PDdc_u4-EMnGh7tX0LHVg.roa (raw, json)
Hash identifier:          tWOJsXIwz8NLZyOMtnHMC60APgOJn7JZ0y3xyIP4Gu4=
Subject key identifier:   6C:45:DA:AF:F3:C3:75:CF:EE:E3:E1:0C:9C:68:7B:B5:7D:0B:1D:58
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       019D022542F7767AF4651A9850DCB49AC4C4
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/bEXar_PDdc_u4-EMnGh7tX0LHVg.roa
Signing time:             Wed 18 Mar 2026 18:11:29 +0000
ROA not before:           Wed 18 Mar 2026 18:11:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214472
IP address blocks:        176.65.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:56:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:02:25:42:f7:76:7a:f4:65:1a:98:50:dc:b4:9a:c4:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: Mar 18 18:11:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c45daaff3c375cfeee3e10c9c687bb57d0b1d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:53:b2:38:bc:ae:68:d0:a5:4e:ff:d8:d3:5c:
                    d2:72:92:a8:ab:e6:1e:16:7f:8f:25:21:79:b6:69:
                    94:6b:97:6e:23:fb:9f:f3:17:4d:39:b2:38:ff:da:
                    44:04:d8:1e:97:37:e6:0e:e7:f5:97:01:37:cf:92:
                    00:75:76:0a:60:5c:7d:e9:dc:a0:2d:90:4d:48:47:
                    d9:eb:80:9b:33:6d:92:e0:c4:4a:44:97:59:8b:73:
                    78:44:5f:e5:60:59:80:83:71:19:a4:bf:43:c4:8c:
                    53:63:07:7d:2d:52:13:00:f6:f4:ae:a3:16:06:50:
                    84:68:3d:a6:8d:03:5c:fd:34:6f:04:dc:a6:48:5c:
                    70:78:c0:30:1d:e4:79:5b:62:33:e8:5b:71:50:e1:
                    03:fa:01:38:fc:38:4b:88:e8:19:24:76:9f:d8:09:
                    c9:98:88:88:28:42:f2:b3:4a:47:d6:66:db:c9:59:
                    30:39:cb:07:83:67:58:07:cc:4c:78:5e:4a:4d:d5:
                    a0:6e:db:43:82:e8:da:8f:94:c2:b9:02:7a:98:72:
                    39:44:56:9f:e4:7b:12:ec:ae:b2:6a:47:23:ae:9b:
                    37:a3:3e:6f:7b:78:dd:6b:bf:d5:8a:2d:19:5f:5f:
                    af:87:53:4c:09:3a:38:67:ba:36:af:cd:d2:c0:72:
                    4f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:45:DA:AF:F3:C3:75:CF:EE:E3:E1:0C:9C:68:7B:B5:7D:0B:1D:58
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/bEXar_PDdc_u4-EMnGh7tX0LHVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4e:2b:a7:fc:fe:01:ef:e6:f6:fd:23:bc:7a:26:7d:c5:30:
         4a:cd:41:d6:b9:70:e2:3d:e0:e7:bf:dc:ed:ff:50:6a:2d:f6:
         80:44:11:83:78:b5:2f:9c:2c:3b:ab:6e:83:5f:d6:ca:37:14:
         4d:83:88:8b:59:63:cf:07:cc:db:ab:86:2f:4f:ed:4a:d0:a0:
         75:68:04:44:28:16:4c:dc:c7:aa:bd:69:09:fd:14:7e:a7:86:
         94:04:3b:c3:45:8e:b2:e4:8a:f6:0b:03:e7:a1:39:2b:f5:0f:
         d6:ef:dc:04:d2:63:67:da:c0:ff:fe:6b:91:92:cd:11:dd:b5:
         fe:69:65:78:c7:da:15:9e:5a:7e:73:19:a0:eb:c0:bc:85:4a:
         cf:a7:7e:af:ee:a9:84:6b:a1:b9:0c:a3:4c:ab:b7:f9:3d:ed:
         80:fa:41:ac:a1:b6:e1:f6:f0:a4:de:1f:7f:12:53:81:95:14:
         fa:c8:49:eb:2f:2d:ff:33:0d:8b:35:de:d9:a7:c5:cc:3a:42:
         ad:dd:a3:b7:eb:d9:1c:06:0c:a2:21:de:a0:bf:ce:c9:40:8b:
         50:96:43:46:50:a4:78:96:6e:a4:94:b3:75:4b:ad:03:b8:d8:
         6f:fc:f8:de:31:80:0d:22:d9:47:f3:69:0b:f9:85:d1:60:80:
         4b:5d:91:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0CJUL3dnr0ZRqYUNy0msTEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjYwMzE4MTgxMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQ1ZGFhZmYzYzM3NWNmZWVlM2UxMGM5YzY4N2JiNTdkMGIxZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlOyOLyuaNClTv/Y01zScpKoq+Ye
Fn+PJSF5tmmUa5duI/uf8xdNObI4/9pEBNgelzfmDuf1lwE3z5IAdXYKYFx96dyg
LZBNSEfZ64CbM22S4MRKRJdZi3N4RF/lYFmAg3EZpL9DxIxTYwd9LVITAPb0rqMW
BlCEaD2mjQNc/TRvBNymSFxweMAwHeR5W2Iz6FtxUOED+gE4/DhLiOgZJHaf2AnJ
mIiIKELys0pH1mbbyVkwOcsHg2dYB8xMeF5KTdWgbttDgujaj5TCuQJ6mHI5RFaf
5HsS7K6yakcjrps3oz5ve3jda7/Vii0ZX1+vh1NMCTo4Z7o2r83SwHJPtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxF2q/zw3XP7uPhDJxoe7V9Cx1YMB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvYkVYYXJfUERkY191NC1FTW5HaDd0WDBMSFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGLMA0G
CSqGSIb3DQEBCwUAA4IBAQCSTiun/P4B7+b2/SO8eiZ9xTBKzUHWuXDiPeDnv9zt
/1BqLfaARBGDeLUvnCw7q26DX9bKNxRNg4iLWWPPB8zbq4YvT+1K0KB1aAREKBZM
3MeqvWkJ/RR+p4aUBDvDRY6y5Ir2CwPnoTkr9Q/W79wE0mNn2sD//muRks0R3bX+
aWV4x9oVnlp+cxmg68C8hUrPp36v7qmEa6G5DKNMq7f5Pe2A+kGsobbh9vCk3h9/
ElOBlRT6yEnrLy3/Mw2LNd7Zp8XMOkKt3aO369kcBgyiId6gv87JQItQlkNGUKR4
lm6klLN1S60DuNhv/PjeMYANItlH82kL+YXRYIBLXZGy
-----END CERTIFICATE-----